From e83f51885bafbf212f734ba7aee15c64948978b2 Mon Sep 17 00:00:00 2001
From: Paul Couture <paul@paulcouture.com>
Date: Sun, 14 Jan 2024 11:19:59 -0600
Subject: [PATCH] fix: prevents self approval

---
 site/app/Http/Controllers/ArtworkController.php   | 3 +++
 site/resources/views/artworks/approvals.blade.php | 4 ++++
 2 files changed, 7 insertions(+)

diff --git a/site/app/Http/Controllers/ArtworkController.php b/site/app/Http/Controllers/ArtworkController.php
index 9069c2e..b5723a9 100644
--- a/site/app/Http/Controllers/ArtworkController.php
+++ b/site/app/Http/Controllers/ArtworkController.php
@@ -90,6 +90,9 @@ public function approve(Request $request)
             'artwork_id' => 'required|exists:artworks,id'
         ]);
         $artwork = Artwork::find($request->artwork_id);
+        if ($artwork->artist_id == $user->artists->first()->id) {
+            return redirect('/approve-artwork');
+        }
         if (is_null($artwork->approved_by)) {
             $artwork->approved_by = $user->artists->first()->id;
             $artwork->save();
diff --git a/site/resources/views/artworks/approvals.blade.php b/site/resources/views/artworks/approvals.blade.php
index a32cd79..47f6cbe 100644
--- a/site/resources/views/artworks/approvals.blade.php
+++ b/site/resources/views/artworks/approvals.blade.php
@@ -68,11 +68,15 @@ class="avatar" data-bs-toggle="tooltip"
                             </div>
                             {{-- End .product-owner --}}
                             <div class="action-wrapper py-5 d-flex align-items-center justify-content-center">
+                                @if (auth()->user()->artists->first()->id != $thisArtwork->artist_id)
                                 <form action="/approve-artworks" method="POST" class="approve-artwork-form" name="approve-artwork-{{ $thisArtwork->id}}" enctype="multipart/form-data">
                                     @csrf
                                     <input name="artwork_id" type="hidden" value="{{ $thisArtwork->id }}">
                                     <button type="submit" class="btn btn-gradient btn-medium justify-content-center"><span>Approve and Publish</span></button>
                                 </form>
+                                @else
+                                <p>You cannot approve your own</p>
+                                @endif
                             </div>
                         </div>
                     </div>
-- 
2.45.2